SECURITY_DESCRIPTOR

The SECURITY_DESCRIPTOR structure contains the security information associated with an object. Drivers use this structure to set and query an object's security status.

Because the internal format of a security descriptor can vary, drivers are not to modify the SECURITY_DESCRIPTOR structure directly. For creating and manipulating a security descriptor, use the functions listed in the See Also section.

typedef struct _SECURITY_DESCRIPTOR {
  UCHAR  Revision;
  UCHAR  Sbz1;
  SECURITY_DESCRIPTOR_CONTROL  Control;
  PSID  Owner;
  PSID  Group;
  PACL  Sacl;
  PACL  Dacl;
} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;

Remarks

A security descriptor includes information that specifies the following components of an object's security:

  • An owner (SID)

  • A primary group (SID)

  • A discretionary ACL (DACL)

  • A system ACL (SACL)

Qualifiers for the preceding items

Requirements

Header

Ntifs.h (include Ntifs.h)

See also

ACL
ObGetObjectSecurity
ObReleaseObjectSecurity
RtlCreateSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlValidSecurityDescriptor
SeAccessCheck
SeAssignSecurity
SeAssignSecurityEx
SECURITY_DESCRIPTOR_CONTROL
SECURITY_INFORMATION
SeDeassignSecurity
SeSetSecurityDescriptorInfo
SeSetSecurityDescriptorInfoEx
SeValidSecurityDescriptor
SID
ZwQuerySecurityObject
ZwSetSecurityObject

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft